Migrating to ASA 7.1 for VPN 3000 Concentrator Administrators - Index [Cisco ASA 5500-X Series Next-Generation Firewalls]

Table Of Contents

A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

A

AAA, comparing VPN 3000 with ASA21

AAA server groups, adding AAA hosts107

accounting

management traffic, VPN 3000 vs. ASA21

RADIUS, comparing VPN 3000 with ASA21

ACL manager100

ACLs

adding99

bypassing

LAN-to-LAN IPSec traffic70

remote access82

comparing VPN 3000 with ASA24

configuring for LAN-to-LAN66

downloadable18

adaptive security appliance, overview27

Advanced Inspection and Prevention Security Services Module (AIPSSM)17

AES62

Aggressive Mode17

AIP SSM17

Are You There (AYT) firewall policy93, 98

ASA system, overview27

attribute-value pairs (AVP)31

authentication, certificate56

B

bandwidth reservation, comparing VPN 3000 with ASA23

C

Central Protection Policy (CPP)93, 98

certificate enrollment

authenticating to the CA56

generating key pairs52

summary of steps52

trustpoint configuration54

certificate management in ASDM58

CLI17

client firewall97

Are You There (AYT) policy93, 98

Central Protection Policy (CPP)93, 98

configuring93

allowing HTTP traffic101

default93

rules for firewall filters93

group policy95

local93

policies97

configuring

AAA hosts107

ACLs66, 99

address management method41

address pools104

administrator password41

authentication41

client firewall93

crypto map, IPSec LAN-to-LAN tunnel68

default client firewall93

dynamic crypto map, remote-access tunnel80

extended access list rule99

external authentication109

external server104

external server group105

group policy, client firewall95

interfaces

IPSec LAN-to-LAN tunnel60, 64

remote-access tunnel72, 75

internal server user database41

IP interfaces40

IPSec group41

IPSec LAN-to-LAN tunnel59

ISAKMP policy

IPSec LAN-to-LAN tunnel61

remote-access tunnel73

load balancing111

network list85

QoS115

RADIUS104

split tunneling85

system information40

transform set, remote-access tunnel77

tunnel group

IPSec LAN-to-LAN tunnel67

remote-access tunnel78

split tunneling90

tunneling protocols and options40

user access, remote-access tunnel76

configuring users17

connection timeout, TCP18

crypto map

applying to interfaces70

configuring for LAN-to-LAN68

creating for using dynamic crypto map82

D

data integrity, Phase 2, default setting16

dbgtrace logging levels, security appliance17

default

DefaultL2Lgroup28

DefaultRAgroup28

DfltGrpPolicy32

group policy32

default group policy31

default tunnel group28

Denial of Service (DoS) attack17

DES, IKE policy keywords (table)62

Diffie-Hellman, groups supported62

documentation

additionalvii

cautionsix

notesix

DoS attack17

dynamic crypto map

configuring for remote access80

crypto map usage82

E

encryption algorithm, default16

enrolling for certificate

authenticating to the CA56

generating key pairs52

summary of steps51

trustpoint configuration54

enrolling for identity certificate57

extended access list rule99

external authentication, configuring for tunnel group109

external server

configuring104

protocols supported106

external server group, configuring105

F

fallback, VPN 3000 vs. ASA21

feature map, VPN 3000 to security appliance15

filters

comparing VPN 3000 with ASA24

VPN 300018

firewall

client93

unlocking, comparing VPN 3000 with ASA24

firewall policy97

firewall types97

G

general attributes, tunnel group29

general tunnel-group connection parameters29

Group 5, Diffie Hellman62

group policy

client firewall95

configuring32

default32

definition31

split tunneling88

group policy, default31

H

HTTP traffic101

hub-and-spoke configuration17

hybrid server group, support on VPN 3000 vs. ASA21

I

identity certificate, enrolling57

IKE

negotiation16

Phase 2 Data Integrity, enabling25

policy keywords61

IKE keepalive setting

tunnel group30

inspection, packet17

interfaces

configuring for LAN-to-LAN60

configuring for remote access72, 75

IP address pool, configuring104

IPSec

comparing VPN 3000 with ASA22

LAN-to-LAN, permitting70

remote access, permitting82

tunnel mode64

IPSec LAN-to-LAN tunnel

configuring ACLs66

configuring crypto map68

configuring interfaces60, 64

configuring ISAKMP Policy61

configuring tunnel group67

IPSec parameters, tunnel group30

ISAKMP

configuring61, 73

enabling Phase 2 data integrity25

ISAKMP keepalive setting

tunnel groups30

K

key length, RSA19

key pairs, generating52

L

L2TP, L2TP over IPSec, and PPTP16

LAN-to-LAN tunnel, configuring59

license, comparing of VPN 3000 with ASA20

load balancing

comparing VPN 3000 with ASA22

configuring111

logging, event, VPN 300017

low-latency queueing (LLQ), comparing VPN 3000 with ASA23

low memory, action16

M

management traffic accounting, VPN3000 vs. ASA21

managing certificates in ASDM58

MD562

memory red condition16

minimum bandwidth guarantee, comparing VPN 3000 with ASA23

modes, comparing VPN 3000 with ASA22

N

navigation map for ASDM121

network list, configuring85

network mask18

nice reboot16

O

object group, comparing VPN 3000 with ASA22

P

packet inspection17

permitting IPSec traffic

LAN-to-LAN70

remote access82

Phase 2 data integrity

default setting16

enabling16, 25

PKI

certificate19

implementation on ASA37

new CLI commands37

policing, comparing VPN 3000 with ASA23

protocols, external servers106

Q

Quality of Service (QoS)

comparing VPN 3000 with ASA23

configuring115

Quick Configuration program, VPN 300039

R

RADIUS accounting, VPN 3000 vs. ASA21

RADIUS server, configuring104

reboot, nice16

related documentationviii

remote-access tunnel

configuring71

configuring dynamic crypto map80

configuring interfaces72, 75

configuring ISAKMP policy73

configuring transform set77

configuring tunnel group78

configuring user access76

RSA key length19

S

service policy rule wizard115

session timeout, TCP18

SHA, IKE policy keywords (table)62

Split DNS92

split tunneling

configuring85

firewalls93

group policy88

tunnel group90

syslog levels, security appliance17

T

TCP connection timeout18

timeout, TCP connection18

transform set, configuring for remote access77

Triple DES, IKE policy keyword (table)62

trustpoint19, 54

tunnel group

configuring for LAN-to-LAN67

configuring for remote access78

default28

definition28

external authentication109

IPSec parameters30

tunnel-group

general attributes29

webvpn attributes31

U

user

configuring34

configuring specific34

users

adding for remote access76

configuring17

V

VPN 3000 features in ASA27

VPN client

configuring a client firewall to allow HTTP traffic101

firewall options93

firewall policy98

stateful firewall97

VPN Wizard42

W

WebVPN

comparing VPN 3000 with ASA20

webvpn attributes, tunnel-group31

WebVPN tunnel-group connection parameters31

wildcard mask18

wizards

service policy rule115

VPN42

	Migrating to ASA 7.1 for VPN 3000 Concentrator Administrators
	Index
Migrating to ASA 7.1 for VPN 3000 Concentrator Administrators About This Guide Feature Differences Introducing the ASA System Getting Started Building Basic IPSec VPN Tunnels Performing Selected User Management Tasks Configuring Traffic Management Mapping Topics from VPN Series Concentrators to ASDM Appendix B: Mapping Debug/Event Levels from VPN 3000 Series Concentrators to the ASA Index	Download this chapter Index Feedback Table Of Contents A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W - Index A AAA, comparing VPN 3000 with ASA21 AAA server groups, adding AAA hosts107 accounting management traffic, VPN 3000 vs. ASA21 RADIUS, comparing VPN 3000 with ASA21 ACL manager100 ACLs adding99 bypassing LAN-to-LAN IPSec traffic70 remote access82 comparing VPN 3000 with ASA24 configuring for LAN-to-LAN66 downloadable18 adaptive security appliance, overview27 Advanced Inspection and Prevention Security Services Module (AIPSSM)17 AES62 Aggressive Mode17 AIP SSM17 Are You There (AYT) firewall policy93, 98 ASA system, overview27 attribute-value pairs (AVP)31 authentication, certificate56 B bandwidth reservation, comparing VPN 3000 with ASA23 C Central Protection Policy (CPP)93, 98 certificate enrollment authenticating to the CA56 generating key pairs52 summary of steps52 trustpoint configuration54 certificate management in ASDM58 CLI17 client firewall97 Are You There (AYT) policy93, 98 Central Protection Policy (CPP)93, 98 configuring93 allowing HTTP traffic101 default93 rules for firewall filters93 group policy95 local93 policies97 configuring AAA hosts107 ACLs66, 99 address management method41 address pools104 administrator password41 authentication41 client firewall93 crypto map, IPSec LAN-to-LAN tunnel68 default client firewall93 dynamic crypto map, remote-access tunnel80 extended access list rule99 external authentication109 external server104 external server group105 group policy, client firewall95 interfaces IPSec LAN-to-LAN tunnel60, 64 remote-access tunnel72, 75 internal server user database41 IP interfaces40 IPSec group41 IPSec LAN-to-LAN tunnel59 ISAKMP policy IPSec LAN-to-LAN tunnel61 remote-access tunnel73 load balancing111 network list85 QoS115 RADIUS104 split tunneling85 system information40 transform set, remote-access tunnel77 tunnel group IPSec LAN-to-LAN tunnel67 remote-access tunnel78 split tunneling90 tunneling protocols and options40 user access, remote-access tunnel76 configuring users17 connection timeout, TCP18 crypto map applying to interfaces70 configuring for LAN-to-LAN68 creating for using dynamic crypto map82 D data integrity, Phase 2, default setting16 dbgtrace logging levels, security appliance17 default DefaultL2Lgroup28 DefaultRAgroup28 DfltGrpPolicy32 group policy32 default group policy31 default tunnel group28 Denial of Service (DoS) attack17 DES, IKE policy keywords (table)62 Diffie-Hellman, groups supported62 documentation additionalvii cautionsix notesix DoS attack17 dynamic crypto map configuring for remote access80 crypto map usage82 E encryption algorithm, default16 enrolling for certificate authenticating to the CA56 generating key pairs52 summary of steps51 trustpoint configuration54 enrolling for identity certificate57 extended access list rule99 external authentication, configuring for tunnel group109 external server configuring104 protocols supported106 external server group, configuring105 F fallback, VPN 3000 vs. ASA21 feature map, VPN 3000 to security appliance15 filters comparing VPN 3000 with ASA24 VPN 300018 firewall client93 unlocking, comparing VPN 3000 with ASA24 firewall policy97 firewall types97 G general attributes, tunnel group29 general tunnel-group connection parameters29 Group 5, Diffie Hellman62 group policy client firewall95 configuring32 default32 definition31 split tunneling88 group policy, default31 H HTTP traffic101 hub-and-spoke configuration17 hybrid server group, support on VPN 3000 vs. ASA21 I identity certificate, enrolling57 IKE negotiation16 Phase 2 Data Integrity, enabling25 policy keywords61 IKE keepalive setting tunnel group30 inspection, packet17 interfaces configuring for LAN-to-LAN60 configuring for remote access72, 75 IP address pool, configuring104 IPSec comparing VPN 3000 with ASA22 LAN-to-LAN, permitting70 remote access, permitting82 tunnel mode64 IPSec LAN-to-LAN tunnel configuring ACLs66 configuring crypto map68 configuring interfaces60, 64 configuring ISAKMP Policy61 configuring tunnel group67 IPSec parameters, tunnel group30 ISAKMP configuring61, 73 enabling Phase 2 data integrity25 ISAKMP keepalive setting tunnel groups30 K key length, RSA19 key pairs, generating52 L L2TP, L2TP over IPSec, and PPTP16 LAN-to-LAN tunnel, configuring59 license, comparing of VPN 3000 with ASA20 load balancing comparing VPN 3000 with ASA22 configuring111 logging, event, VPN 300017 low-latency queueing (LLQ), comparing VPN 3000 with ASA23 low memory, action16 M management traffic accounting, VPN3000 vs. ASA21 managing certificates in ASDM58 MD562 memory red condition16 minimum bandwidth guarantee, comparing VPN 3000 with ASA23 modes, comparing VPN 3000 with ASA22 N navigation map for ASDM121 network list, configuring85 network mask18 nice reboot16 O object group, comparing VPN 3000 with ASA22 P packet inspection17 permitting IPSec traffic LAN-to-LAN70 remote access82 Phase 2 data integrity default setting16 enabling16, 25 PKI certificate19 implementation on ASA37 new CLI commands37 policing, comparing VPN 3000 with ASA23 protocols, external servers106 Q Quality of Service (QoS) comparing VPN 3000 with ASA23 configuring115 Quick Configuration program, VPN 300039 R RADIUS accounting, VPN 3000 vs. ASA21 RADIUS server, configuring104 reboot, nice16 related documentationviii remote-access tunnel configuring71 configuring dynamic crypto map80 configuring interfaces72, 75 configuring ISAKMP policy73 configuring transform set77 configuring tunnel group78 configuring user access76 RSA key length19 S service policy rule wizard115 session timeout, TCP18 SHA, IKE policy keywords (table)62 Split DNS92 split tunneling configuring85 firewalls93 group policy88 tunnel group90 syslog levels, security appliance17 T TCP connection timeout18 timeout, TCP connection18 transform set, configuring for remote access77 Triple DES, IKE policy keyword (table)62 trustpoint19, 54 tunnel group configuring for LAN-to-LAN67 configuring for remote access78 default28 definition28 external authentication109 IPSec parameters30 tunnel-group general attributes29 webvpn attributes31 U user configuring34 configuring specific34 users adding for remote access76 configuring17 V VPN 3000 features in ASA27 VPN client configuring a client firewall to allow HTTP traffic101 firewall options93 firewall policy98 stateful firewall97 VPN Wizard42 W WebVPN comparing VPN 3000 with ASA20 webvpn attributes, tunnel-group31 WebVPN tunnel-group connection parameters31 wildcard mask18 wizards service policy rule115 VPN42
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks